Postfix + smtp_auth + mysql + courier + postfixadmin + squirrelmail


References:
http://hostingsoftware.net/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=56
http://funinc.org/w/20080529/postfixadmin-with-postfix-dovecot-and-mysql.moo/
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/index.html
http://www.webconexion.net/knowledgebase/linux_howto/virtual_mail_server.php
http://bliki.rimuhosting.com/comments/knowledgebase/linux/mail/postfixadmin+on+RHEL4
http://switch.richard5.net/isp-in-a-box-v2/configuring-the-mail-server-components/configuring-sasl-for-smtp-authentication/

Dependencies
up2date openldap-devel openldap-servers postgres-devel expect-devel postfix gamin-devel

Install Cyrus-sasl for SMTP auth
Supposedly the RPM from Red Hat should work, so try this first:
up2date cyrus-sasl cyrus-sasl-devel cyrus-sasl-sql


For me, the above doesn't work and I had to do a source install (remove the RPMs first, then install to the same location):
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
export CPPFLAGS="-I/usr/include/mysql"
export LDFLAGS="-L/usr/lib/mysql -lmysqlclient -lz -lm"
./configure --enable-anon --enable-plain --enable-login --enable-sql \
--disable-krb4 --disable-otp --disable-cram --disable-digest \
--with-mysql=/usr/lib/mysql --without-pam --without-saslauthd \
--without-pwcheck --prefix=/usr --with-plugindir=/usr/lib/sasl2
make -j2; make install


Installing postfix with mysql support
Download postfix source ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.5.5.tar.gz

# without smtp auth
make -f Makefile.init makefiles \
		'CCARGS=-DHAS_MYSQL -I/usr/include/mysql' \
		'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm'
make install

# with smtp auth
make makefiles \
	'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl' \
	'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lsasl2'
make install


main.cf
# virtual stuff. We're going to punt and make all virtual mail users use the same UID:GID of Postfix. 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_valias.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_vdomains.cf
virtual_mailbox_limit = 112400000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_vmailbox.cf
virtual_minimum_uid = 89
virtual_transport = virtual
virtual_uid_maps = static:89
alias_maps = mysql:/etc/postfix/mysql_valias.cf


mysql_valias.cf
user = postfix
password = xxxx
hosts = activedb
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'


mysql_vdomains.cf
user = postfix
password = xxxx
hosts = activedb
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'


mysql_vmailbox.cf
user = postfix
password = xxxx
hosts = activedb
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'



Building Courier RPMs
rpmbuild -ta courier-authlib.tar.bz2
cd /usr/src/redhat/RPMS/i386/
rpm -ivh courier-authlib*

useradd courier
chown -R courier /usr/src/redhat
rpmbuild -ta courier-imap.tar.bz2
cd /usr/src/redhat/RPMS/i386/
rpm -ivh courier-imap*
chown -R root /usr/src/redhat


Edit authmysqlrc. The single quotes are important because these parameters are passed to MySQL as part of a query.
MYSQL_SERVER            activedb
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          xxxx
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_CLEAR_PWFIELD     password
MYSQL_UID_FIELD         '89'
MYSQL_GID_FIELD         '89'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/var/vmail'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir


Edit authdaemonrc
authmodulelist="authmysql authpam"
DEBUG_LOGIN=1


http://gentoo-wiki.com/HOWTO_Setup_a_Virtual_Postfix/Courier_Mail_System_with_PostfixAdmin

Postfixadmin (pfa)
Create the database to be used by pfa
mysql> create database postfix;
mysql> grant all on postfix.* to postfix@'%' identified by 'xxxx';


Download and extract it somewhere.
Edit httpd.conf and create an alias for postfixadmin.
up2date php-mysql php-mbstring php-imap
Edit config.inc.php and put in the correct MySQL password:

$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'activedb';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'xxxx';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
...
$CONF['encrypt'] = 'md5crypt';

Go to http://host/pfa/setup.php, which will populate your database.

Create an admin account
admin@domain.com / master_pwd

Create virtual domains
Using PFA, create a new domain, then a new mailbox. Use authtest user@domain.tld password to test whether the password created by PFA can be verified by courier-authlib.

SquirrelMail
Download and extract. Then run ./configure

SMTP Auth
When cyrus-sasl is installed from source, a config file can be supplied to SASL for SMTP authentication. AFAIK this file is hard-coded at /usr/lib/sasl2/smtpd.conf. I'm configuring it to use the Courier authdaemon to handle authentication for an obvious reason: I use that for IMAP and POP3 too. Just one thing: you need to chmod o+x /var/spool/authdaemon, or else you will get a permission denied error like the one below.

/usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket


error
warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied


Auto-responder plugin for SquirrelMail
Download with svn client
svn co http://squirrelmail-postfixadmin.palepurple.co.uk/svn/trunk/


Install
You should read the INSTALL file.

yum install php-pear php-pear-MDB2 php-pear-MDB2-Driver-mysql
svn co http://squirrelmail-postfixadmin.palepurple.co.uk/svn/trunk/
mv the checked-out directory to $SQUIRRELMAIL_HOME/plugins/
mv config.php.sample config.php
cd $SQUIRRELMAIL_HOME/config
./conf.pl # enable the plugin

# Install vacation.pl
useradd -d /var/spool/vacation vacation
cp /var/www/pfa/VIRTUAL/vacation.pl /var/spool/vacation
chmod 711 /var/spool/vacation/vacation.pl
chown vacation:vacation /var/spool/vacation/vacation.pl
edit vacation.pl and correct the database connection info


The SquirrelMail plugin sets up the postfix database. The vacation message is sent by vacation.pl, which comes with PFA. Basically, one needs to create a new record in postfix.vacation and set the goto field to joeuser#something.com@autoreply.yourdomain.com, then configure Postfix to deliver mail for autoreply.yourdomain.com to vacation.pl, which does the sending.

That being said, you need to configure postfix to handle that special domain:

main.cf
transport_maps = hash:/etc/postfix/transport
# run "postmap /etc/postfix/transport" to generate transport.db


transport
autoreply.domain.tld     vacation:


master.cf
#vacation from postfixadmin
vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}



More details can be found under $PFA/VIRTUAL_VACATION/INSTALL. The following Perl modules are required:
DBI <-- important to install this one before the next one.
DBD::mysql
MIME::EncWords
Email::Valid
Mail::Sendmail


Create the vacation user. One should also edit the log/debug file in /var/spool/vacation/vacation.pl. Touch the log files and make sure they are writable by the vacation user.

One more thing: the SquirrelMail plugin doesn't add the same email to the goto address. You probably need to edit the script to add the correct, delimited format.


A few commands that may help you
Test courier authdaemon
authtest -s smtp user@domain.tld some_pass


Dovecot
http://wiki.dovecot.org/HowTo/DovecotPostgresql

dovecot.conf
protocols = imap imaps pop3 pop3s
listen = *
disable_plaintext_auth = no
log_path =  /var/log/dovecot.err
info_log_path = /var/log/dovecot.log
log_timestamp = "%b %d %H:%M:%S "
ssl_disable = yes
mail_location = maildir:/home/vmail/%u
mail_privileged_group = mail
mail_debug = yes
dotlock_use_excl = yes
verbose_proctitle = yes
first_valid_uid = 125
first_valid_gid = 125
maildir_copy_with_hardlinks = yes
protocol imap {
  login_greeting_capability = yes
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
}
auth_username_format = %Lu
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth default {
  mechanisms = plain login
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  user = root
  socket listen {
    client {
        path =  /var/spool/postfix/private/auth
        mode = 0660
        user = postfix
        group = postfix
    }
  }
}
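
A quick audit of the dovecot.conf above, as an added example (not part of the original page or of Dovecot). It parses the nested Dovecot 1.x block syntax and flags the settings that put passwords on the wire or in the logs unprotected. The function names are hypothetical and SAMPLE_CONF is a trimmed copy of the file shown above.

```python
# Added example: audit a Dovecot 1.x config for credential-exposure settings.
# SAMPLE_CONF is a trimmed copy of the dovecot.conf shown above.
SAMPLE_CONF = """
disable_plaintext_auth = no
ssl_disable = yes
auth_debug_passwords = yes
auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
    }
  }
}
"""

def parse_dovecot(text):
    """Flatten nested blocks into keys like 'auth default/socket listen/client/mode'."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # enter a block
        elif line == "}":
            stack.pop()                        # leave a block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def audit(settings):
    """Return a list of findings for settings that expose passwords."""
    findings = []
    if (settings.get("disable_plaintext_auth", "").lower() == "no"
            and settings.get("ssl_disable", "").lower() == "yes"):
        findings.append("plaintext auth allowed while SSL/TLS is disabled")
    if settings.get("auth_debug_passwords", "").lower() == "yes":
        findings.append("auth_debug_passwords logs attempted passwords")
    mode = settings.get("auth default/socket listen/client/mode")
    if mode and int(mode, 8) & 0o007:
        findings.append("SASL auth socket is accessible to other users")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_dovecot(SAMPLE_CONF)):
        print("WARN:", finding)
```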



dovecot-sql.conf
driver = pgsql
connect = host=localhost dbname=postfix user=postfix password=xxxxx
default_pass_scheme = MD5
password_query = SELECT username as user, password FROM mailbox WHERE username = '%u'
user_query = SELECT '/home/vmail/'||maildir AS home, '125' AS uid, '125' AS gid FROM mailbox WHERE username = '%u'


dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=xxxxx
default_pass_scheme = MD5
password_query = SELECT username as user, password FROM mailbox WHERE username = '%u'
user_query = SELECT concat('/home/vmail/',maildir) AS home, '125' AS uid, '125' AS gid FROM mailbox WHERE username = '%u'

Enable authentication on submission port (587)
master.cf
submission inet n       -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Configure postfix to use sasl
# smtp auth
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks
	permit_sasl_authenticated
	reject_unauth_destination


Test with telnet, make sure AUTH is advertised.
$ telnet 1.1.1.1 587
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
220 www.domain.com ESMTP Postfix
EHLO test
...
250-AUTH PLAIN LOGIN
...
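
The same check as the telnet session above, scripted as an added example (not from the original page). It parses an EHLO reply, confirms AUTH is advertised, and reports when PLAIN or LOGIN is offered in a reply that has no STARTTLS. The function names are hypothetical and SAMPLE_EHLO is a constructed reply modelled on the session above.

```python
# Added example: check an EHLO reply for AUTH and for STARTTLS protection.
# SAMPLE_EHLO is constructed, modelled on the telnet session above.
SAMPLE_EHLO = """\
250-www.domain.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # both send the password base64-encoded only


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    caps = {}
    for index, raw in enumerate(reply.strip().splitlines()):
        line = raw.rstrip("\r")
        if not (line.startswith("250-") or line.startswith("250 ")):
            raise ValueError("not a 250 reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server name, not a capability
        text = line[4:].strip()
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=..." spelling
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps


def check_submission(reply):
    """Return (sorted AUTH mechanisms, findings) for one EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", set())
    findings = []
    if not mechs:
        findings.append("AUTH is not advertised")
    elif mechs & CLEARTEXT_MECHS and "STARTTLS" not in caps:
        findings.append("cleartext mechanisms offered without STARTTLS")
    return sorted(mechs), findings


if __name__ == "__main__":
    print(check_submission(SAMPLE_EHLO))
```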
